Ransomware 101: FBI's Education Effort

An exploitative cyberattack in which hackers encrypt victims' data until they provide payment is a growing threat warranting a targeted educational campaign, according to the FBI.

Stacy Stevens, a unit chief within the FBI's cyber division, told an audience in Washington on Thursday the bureau has seen an uptick in ransomware attacks over the past couple of months.

In 2013, about 1,200 people said they'd been victimized. Between January and March 2016, the FBI already had recorded 636, resulting in about $9.39 million in losses, which includes not only the ransom money but also the cost of replacement computers and stronger cybersecurity services in the aftermath of an attack.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

Over the next few months, the FBI is hosting several ransomware-focused workshops for the public; FBI employees and partners in the Secret Service are opening up their field offices across the country for these sessions, Stevens explained.

The public-private cyber nonprofits known as "Information Sharing and Analysis Centers," sponsored by the Homeland Security Department, are also hosting these workshops, she said.

Ransomware attacks can be particularly nefarious, especially because new versions often crop up with stronger encryption.

“It’s very tough to even keep track of them," Stevens said.

Even when a victim reports a ransomware attack to the federal government, “We do not have a key, NSA doesn’t have a key, DHS doesn’t have a key ... when the thing is locked, it’s locked.”

Cyber criminals could be getting more demanding, she said.

Erroneous media reports may have contributed to the success of some attacks, Stevens said. After a rash of hospitals were targeted last year, some publications reported FBI officials recommended paying the ransom, prompting some to pay. Stevens emphasized this was not the bureau's policy.

When they paid the ransom, "those criminals would go back and go, 'Hey, thanks for paying the ransom. You know what, since you paid $25,000, why don't you pay another $5,000?'" she said.

In the past, attackers would comply with their initial terms once ransom was paid, Stevens said.

"Now, when you pay the ransom, that criminal thinks this information is very important to them ... We see these folks getting a little bit more ... aggressive and sometimes, they won't even give you your stuff back," she said.